New grid service simulates DDoS attacks

A new online service launched by grid computing vendor Parabon Computation aims to help companies better prepare for Distributed denial of service (DDoS) attacks by giving them a way to simulate a full-fledged DDoS attack on their networks.

A new online service launched by grid computing vendor Parabon Computation aims to help companies better prepare for Distributed denial of service (DDoS) attacks by giving them a way to simulate a full-fledged DDoS attack on their networks.

Parabon operates one of the largest commercial computational grids in the country. Its new Blitz Distributed Testing Service makes use of the thousands of computers on its online computing grid to generate DDoS attacks on demand against specified targets.

The service allows companies to test their networks against DDoS attacks at scales comparable to a full-on cyberattack, according to Steve Armentrout, president and CEO of Parabon. Currently, the company can harness anywhere between 5,000 and 10,000 computers on its grid to generate targetted network traffic against a site or server, Armentrout said.

That number is still far less than the tens of thousands of compromised computers that are sometimes used to launch a DDoS attack against a target.

Even so, the service is a considerable improvement over current DDoS testing approaches, in which a single standalone high-performance computer might be used to generate very fast traffic against a network to test its ability to withstand such loads.

Such network load and performance tests "do not get to the true nature of a massive distributed denial of service attack," which can come from anywhere, Armentrout said.

Related

The Parabon Blitz service got its first public airing at the Department of Defense's Defense Information Systems Agency (DISA) Customer Partnership Conference in Anaheim, last week. DISA provides information technology and communications support for the entire Department of Defense.

Steven Hutchison, a test and evaluation executive at DISA, said Parabon's Blitz service is "remarkable" in that it allows for a very realistic simulation of a DDoS attack. "It allows you to put many different assets to hit a [target] application at one time. So your entry points are from all over as opposed to network load testing," involving a single source of traffic, Hutchison said.

Such a service can be very useful for "red-teaming" exercises in which Department of Defense networks are tested for weakness in "operationally realistic" conflict situations, he said.

DDoS attacks are often considered one of the biggest problems on the Internet because they are very difficult to stop. They can last for weeks and are sometimes used by extortionists as a way to extract money from targets.

The attacks in Estonia degraded network service for nearly two weeks and there have been numerous similar attacks on commercial and government targets in the US over the past few years.

Over the years companies have resorted to a variety of methods to mitigate the effects of a DDoS attack. The most common approach has been to set aside extra network bandwidth and server processing capacity to withstand sudden surges in traffic.

Another has been to geographically distribute web servers so as to be able to quickly move services away from an affected site if needed.